GitLab announced the general availability of GitLab Duo with Amazon Q.
Drata Acquires oak9 and Announces New Compliance as Code Capabilities
May 02, 2024
Drata has acquired oak9, a cloud native security platform, and released a new capability in beta to seamlessly bring continuous compliance into the software development lifecycle.
The acquisition enables Drata to monitor compliance both before and after code is deployed to production. This capability, called Compliance as Code, will be demonstrated at RSA, May 6-9 in San Francisco.
Acquiring oak9 and launching Compliance as Code in Drata now equips thousands of DevSecOps, GRC, and engineering teams with the power to identify and remediate potential compliance violations as code is developed, instead of after it's deployed. GRC teams are routinely challenged to address compliance issues after changes are already in Production, creating a backlog of issues to address after deployment. As DevOps teams grow bigger and more complex, the need to "shift left", to address these compliance gaps earlier in the SDLC, has significantly increased in order to maintain compliance standards without sacrificing speed of development. Oak9 specialized in infrastructure-as-code to build security and compliance into cloud native applications as they are developed, and offered a catalog of out-of-the-box blueprints that ensured that customers can meet their security and compliance objectives for any architecture on any cloud provider.
"It's time to break down infrastructure and GRC silos to stop the cycle of costly and repetitive compliance remediation work. This is the future of compliance automation and GRC and it's here now," said Adam Markowitz, Drata Co-Founder and CEO. "Drata Compliance as Code empowers developers, engineers, and GRC teams to save countless hours by shifting compliance left in the SDLC, collectively improving security and code quality while fostering a culture of continuous compliance."
Integrating oak9's software brings Drata into crucial areas of the SDLC where changes happen, including the code repository, and the continuous integration and continuous delivery/deployment (CI/CD) pipeline. Pre-built tests map to an organization's compliance requirements by scanning their infrastructure code and flag gaps and anomalies with key details for the GRC team to resolve. Now, GRC teams will have shared visibility into their cloud infrastructure and be able to identify failing controls within the code before it ever makes it into production, creating more efficiency and confidence leading up to an audit.
"Oak9's mission from day one has been to address critical security gaps throughout the software development lifecycle, including gaps with compliance, which is all too often viewed as an afterthought. That mindset can be costly for the entire organization," said Om Vyas, Co-Founder and CEO of oak9. "Being integrated into Drata's platform is exceptional validation of our team's commitment to realizing this mission. This sets a new standard in how teams tackle cloud native security and compliance."
Industry News
April 17, 2025
Perforce Software and Liquibase announced a strategic partnership to enhance secure and compliant database change management for DevOps teams.
April 17, 2025
Spacelift announced the launch of Saturnhead AI — an enterprise-grade AI assistant that slashes DevOps troubleshooting time by transforming complex infrastructure logs into clear, actionable explanations.
April 16, 2025
CodeSecure and FOSSA announced a strategic partnership and native product integration that enables organizations to eliminate security blindspots associated with both third party and open source code.
April 16, 2025
Bauplan, a Python-first serverless data platform that transforms complex infrastructure processes into a few lines of code over data lakes, announced its launch with $7.5 million in seed funding.
April 15, 2025
Perforce Software announced the launch of the Kafka Service Bundle, a new offering that provides enterprises with managed open source Apache Kafka at a fraction of the cost of traditional managed providers.
April 14, 2025
LambdaTest announced the launch of the HyperExecute MCP Server, an enhancement to its AI-native test orchestration platform, HyperExecute.
April 14, 2025
Cloudflare announced Workers VPC and Workers VPC Private Link, new solutions that enable developers to build secure, global cross-cloud applications on Cloudflare Workers.
April 14, 2025
Nutrient announced a significant expansion of its cloud-based services, as well as a series of updates to its SDK products, aimed at enhancing the developer experience by allowing developers to build, scale, and innovate with less friction.
April 10, 2025
Check Point® Software Technologies Ltd.(link is external) announced that its Infinity Platform has been named the top-ranked AI-powered cyber security platform in the 2025 Miercom Assessment.
April 10, 2025
Orca Security announced the Orca Bitbucket App, a cloud-native seamless integration for scanning Bitbucket Repositories.
April 10, 2025
The Live API for Gemini models is now in Preview, enabling developers to start building and testing more robust, scalable applications with significantly higher rate limits.
April 09, 2025
Backslash Security(link is external) announced significant adoption of the Backslash App Graph, the industry’s first dynamic digital twin for application code.
April 09, 2025
SmartBear launched API Hub for Test, a new capability within the company’s API Hub, powered by Swagger.
April 09, 2025
Akamai Technologies introduced App & API Protector Hybrid.
